JSON API资源是否可以具有关系的简写形式的属性?

时间:2019-03-07 12:58:04

标签: json semantics semantic-markup json-api jsonapi-resources

我有一个用于检索用户的JSON API端点。此资源还将用于获取用户的权限,以显示或隐藏我们的前端应用程序中的特定元素。

资源如下:

HTTP/1.1 200 OK
Content-Type: application/vnd.api+json

{
  "jsonapi": {
    "version": "1.0"
  },
  "meta": {
    "content-type": "application/vnd.api+json"
  },
  "links": {
    "self": "/users/some-uuid"
  },
  "data": {
    "type": "users",
    "id": "some-uuid",
    "attributes": {
      "email": "some-email@example.com",
      "permissions": [
        "view-all-users",
        "view-all-shifts"
      ]
    },
    "relationships": {
      "roles": {
        "data": [
          {
            "type": "role",
            "id": "some-role-uuid"
          }
        ]
      }
    }
  }
}

permissions属性保存用户拥有的权限的子弹。

如果不存在此属性,则前端应用程序将必须包含资源rolesroles.permissions才能获得用户的权限。该响应如下所示:

HTTP/1.1 200 OK
Content-Type: application/vnd.api+json

{
  "jsonapi": {
    "version": "1.0"
  },
  "meta": {
    "content-type": "application/vnd.api+json"
  },
  "links": {
    "self": "/users/some-uuid"
  },
  "data": {
    "type": "users",
    "id": "some-uuid",
    "attributes": {
      "email": "some-email@example.com",
      "permissions": [
        "view-all-posts",
        "edit-all-posts"
      ]
    },
    "relationships": {
      "roles": {
        "data": [
          {
            "type": "role",
            "id": "some-role-uuid"
          }
        ]
      }
    },
    "included": [
      {
        "type": "roles",
        "id": "some-role-uuid",
        "attributes": {
          "name": "Editor"
        },
        "relationships": {
          "permissions": {
            "data": [
              {
                "type": "permission",
                "id": "some-permission-uuid"
              },
              {
                "type": "permission",
                "id": "some-permission-uuid-2"
              }
            ]
          }
        }
      },
      {
        "type": "permissions",
        "id": "some-permission-uuid",
        "attributes": {
          "slug": "view-all-posts"
        }
      },
      {
        "type": "permissions",
        "id": "some-permission-uuid",
        "attributes": {
          "slug": "edit-all-posts"
        }
      }
    ]
  }
}

在这种情况下,前端必须做很多处理才能获得许可权。我的问题是:像上面的示例一样,在用户资源上拥有简写属性permissions是不好的吗?还是前端应该始终通过这种关系来获取子弹?

  

注意:将来我们将提供一个管理界面,用户可以在其中管理用户,角色和权限。这就是为什么角色和权限可以作为单独的实体使用的原因。

0 个答案:

没有答案